Action Identity Blog

Many healthcare organizations have observed first-hand what happens when you have compliance violations during an audit.  Insecure environments in our digital age can (and often do) lead to hefty fines.  However, there’s a classic issue between security and efficiency.  This blog explores a solution that is univeral to most industry. The focus of this post is, however, focused on healthcare environments. 

Read more...

HealthcareIDM.com just launched a few weeks ago and it got us to thinking. We wanted to know what others were doing with this technology and we decided to scour the web for other information regarding identity and access management in healthcare. We were thrilled when we saw our identity management connectors on Novell’s (Now NetIQ) website.

Read more...

As technology continually integrates with the modern workforce, user-related issues are bound to arise.  Companies are eternally at odds with finding the balance between safety and efficiency.  This becomes particularly troublesome in the field of healthcare.  Healthcare is the one industry where strict compliance rules often interfere with the ability to readily retrieve critical data, such as patient information.  However, a healthy balance does exist in today’s world.

Read more...

In our last post How IAM Helps with Sarbanes-Oxley (SOX), Part 1, we covered the parts of the SOX law that can be attained by implementing an identity and access management (IAM) solution. In the previous post, we talked about the first three buckets that auditors look for in SOX compliance findings, including confidentiality, integrity, and availability. 

Read more...

Sarbanes-Oxley (SOX) was signed into law back in 2002.  SOX is aimed at giving investors confidence in the financial data provided by the company.  The key part of the SOX act is in Section 404.  Section 404, titled “Management Assessment of Internal Controls” requires management to take responsibility for the integrity of their financial information.  To accomplish this, IT processes, procedures, and systems must be evaluated to provide evidence that the company has kept sensitive data secured.  While IT is not specifically addressed in the legislation, it is implied.

Read more...